Vulnerability scanning is an automated process to identify vulnerabilities of computing systems in a network to determine if and where a system can be exploited and/or threatened. It seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings.

•

Characteristics:

–

Uses authentication and permissions;

–

Permits in-depth scanning;

–

Identifies the underlying cause of the vulnerability;

–

Safe to implement – uses legitimate network services rather than “attack” targets; and